_ck_ (@_ck_)

Forum Replies Created

Viewing 25 replies - 1 through 25 (of 2,186 total)
  • @_ck_

    Participant

    0.9 users should upgrade to (or start with) the 0.9 branch

    which was the final version of 0.9

    but 0.9.0.7 appears to simply be a copy of the final 0.9 branch

    browse https://bbpress.trac.wordpress.org/browser/branches/0.9

    zip https://bbpress.trac.wordpress.org/changeset/3730/branches/0.9?old_path=%2F&format=zip

    svn co http://svn.automattic.com/bbpress/branches/0.9/

    From what I can tell, JJJ just copied the branch over to make “0.9.0.7”

    https://bbpress.trac.wordpress.org/changeset/3517

    https://bbpress.trac.wordpress.org/changeset/3535

    https://bbpress.trac.wordpress.org/log/tags/0.9.0.7/bb-includes?rev=3535

    That’s all he did, there were no other changes, improvements or fixes.

    But there really are some fixes in the final 0.9 branch over 0.9.0.6

    There were 12 files changed from 0.9.0.6 to 0.9.0.7 (aka 0.9 branch)

    https://bbpress.trac.wordpress.org/changeset?old_path=%2Ftags%2F0.9.0.6&old=2338+&new_path=%2Ftags%2F0.9.0.7&new=3715

    bb-includes/default-filters.php (1 diff)

    bb-includes/wp-functions.php (2 diffs)

    bb-includes/pluggable.php (1 diff)

    bb-includes/functions.php (3 diffs)

    bb-includes/registration-functions.php (1 diff)

    bb-includes/template-functions.php (3 diffs)

    bb-includes/compat.php (1 diff)

    search.php (1 diff)

    bb-plugins/akismet.php (4 diffs)

    bb-admin/bb-do-counts.php (3 diffs)

    bb-admin/admin.php (1 diff)

    bb-admin/admin-functions.php (2 diffs)

    It’s hard to be 100% positive but I am pretty sure they addressed the base64 decoding bug.

    Those with 0.9.0.6 can replace just these files to upgrade to 0.9.0.7

    https://bbpress.trac.wordpress.org/changeset?format=zip&new=3715&old=2338&new_path=%2Ftags%2F0.9.0.7&old_path=%2Ftags%2F0.9.0.6

    (those running versions before 0.9.0.6 will need more files from a fuller upgrade, do not use just the above files as it will break your install)

    Everyone should still use my mini-plugin to protect bbpress and wordpress for yet-unidentified security issues. It’s better than nothing. You can even remove the header and just copy the one IF block to your bb-config.php and wp-config.php

    If 256 characters turns out to be too short of a URL restriction, some may need to raise it as high as 1024, for example in WordPress where it stupidly uses GET now to mass delete posts, which was a dumbfounding move on their part.

    <?php
    /*
    Plugin Name: Block Long/Bad Queries (for bbPress and WordPress)
    */

    if (strlen($_SERVER['REQUEST_URI'])>1024 ||
    preg_match('@(eval|base64|unescape)[^a-zA-Z0-9]@si',$_SERVER['REQUEST_URI']))
    {
    header('HTTP/1.1 414 Request-URI Too Long');
    header('Status: 414 Request-URI Too Long');
    header('Connection: Close');
    exit;
    }

    @_ck_

    Participant

    I just realized I am not escaping < and > in that code.

    It most probably should be.

    So anywhere you do not see a slash in front, add one, ie.

    <

    >

    actually to be more clear, try this

    $text = preg_replace('|<a (.*)rel=['"]nofollow['"]([^>]+)?>|iU','<a $1>', $text);	// strip ALL nofollow
    $text = preg_replace('|<a (?=([^>]+http://))(?!([^>]+'.$domain.'))([^>]+)>|iU', '<a $1 rel="nofollow" target="_blank">', $text);

    sorry, don’t have time to debug it more, someone will have to throw it into a regex tester and check it against some same sample links

    @_ck_

    Participant

    Don’t really have the time to debug all that but if it’s selecting too much, try replacing this

    (.+)

    with this

    ([^>]+)

    which hopefully will stop it from going past the end of the anchor tag

    @_ck_

    Participant

    Check wp-config.php for any lines that define a $wp-> object setting.

    They will break wordpress 3.1 or higher and give a $wp->add_query_var error.

    For example:

    $wp->cookiedomain = '.example.com';

    Will work in 3.0 and below but break WP 3.1 and 3.2

    You’ll have to research for the replacement define setting as an alternative to $wp->

    For example, the modern replacement for the above line is

    define(COOKIE_DOMAIN,'.example.com');

    @_ck_

    Participant

    Check wp-config.php for any lines that define a $wp-> object setting.

    They will break wordpress 3.1 or higher and give a $wp->add_query_var error.

    For example:

    $wp->cookiedomain = '.example.com';

    Will work in 3.0 and below but break WP 3.1 and 3.2

    You’ll have to research for the replacement define setting as an alternative to $wp->

    For example, the modern replacement for the above line is

    define(COOKIE_DOMAIN,'.example.com');

    @_ck_

    Participant

    @JJJ There are already 4300+ downloads of the beta in the past 10 days (because it’s on wordpress.org) and the twitter volume about it has exploded. There is going to be a surge of questions. I’m just suggesting you get ahead of the wave.

    @_ck_

    Participant

    So, before bbpress.org is completely overrun with 2.0 questions, becoming intermixed with the six years worth of standalone knowledgebase (thereby making useful searches impossible) are y’all going to make a sub-forum for it or not?

    @_ck_

    Participant

    Because you cannot disable access for all files in the template directory – CSS and some images have to be loaded directly by the browsers in the end.

    So turning off PHP responses will do for now.

    @_ck_

    Participant

    Because you cannot disable access for all files in the template directory – CSS and some images have to be loaded directly by the browsers in the end.

    So turning off PHP responses will do for now.

    @_ck_

    Participant

    Rest assured it’s not permanently deleted (just do NOT do a recount).

    There may be a bug somewhere in the 1.0.2 api

    There are a few things you can try.

    First, if you are using permalinks, temporarily turn that feature off, it might help. Then go try undeleting it again.

    bbPress also has a “safemode” just in case a plugin is interfering.

    Temporarily try putting

    $bb->safemode=1;

    into your bb-config.php file

    Then try undeleting it again.

    (remove that line and restore permalinks afterwards)

    If all that fails, you need to have phpmyadmin or similar on your hosting.

    If you have that, you can manually go into the topics database table and change the status back to 0

    10 months ago, someone reported the same problem

    https://bbpress.org/forums/topic/undelete-topics-does-not-work

    So be sure to try 1.0.3 (you should upgrade anyway).

    If that does not change things, the fix might only exist in bbPress 1.1 which is supposed to have a release candidate by the end of this month (maybe).

    @_ck_

    Participant

    Rest assured it’s not permanently deleted (just do NOT do a recount).

    There may be a bug somewhere in the 1.0.2 api

    There are a few things you can try.

    First, if you are using permalinks, temporarily turn that feature off, it might help. Then go try undeleting it again.

    bbPress also has a “safemode” just in case a plugin is interfering.

    Temporarily try putting

    $bb->safemode=1;

    into your bb-config.php file

    Then try undeleting it again.

    (remove that line and restore permalinks afterwards)

    If all that fails, you need to have phpmyadmin or similar on your hosting.

    If you have that, you can manually go into the topics database table and change the status back to 0

    10 months ago, someone reported the same problem

    https://bbpress.org/forums/topic/undelete-topics-does-not-work

    So be sure to try 1.0.3 (you should upgrade anyway).

    If that does not change things, the fix might only exist in bbPress 1.1 which is supposed to have a release candidate by the end of this month (maybe).

    In reply to: bbPress 1.0.3 released

    @_ck_

    Participant

    @mr_pelle let’s be sure to keep reminding them on that mysql 5.5 blocker solved for the 1.1 release candidate which might be out by the end of March.

    It’s already flagged critical so it should get some attention.

    In reply to: bbPress 1.0.3 released

    @_ck_

    Participant

    @mr_pelle let’s be sure to keep reminding them on that mysql 5.5 blocker solved for the 1.1 release candidate which might be out by the end of March.

    It’s already flagged critical so it should get some attention.

    @_ck_

    Participant

    Sounds like it’s a bug with the scope of the $user variable.

    If it’s not fixed in 1.0.3 maybe they fixed it in 1.1 which will have a release candidate soon.

    There’s also a chance it’s a bug with a customized template.

    @_ck_

    Participant

    Sounds like it’s a bug with the scope of the $user variable.

    If it’s not fixed in 1.0.3 maybe they fixed it in 1.1 which will have a release candidate soon.

    There’s also a chance it’s a bug with a customized template.

    @_ck_

    Participant

    I am wondering if they disabled plugin submission for non-mods due to spam, since it’s not filtered by akismet and there have been a ton of bot registrations here lately. Hoping that is just the case and not that they are discouraging submissions.

    The problem is I do not even know who is in control anymore, not sure it’s JJJ who did that.

    Hopefully admin will notice this topic sooner or later and fix it.

    I will be happy to host your plugin for download on bbShowcase.org in the meanwhile though, just zip it up and send it to the email on my donate page. Then you can make an announcement here in the “plugins” sub-forum and link to the download.

    @_ck_

    Participant

    I am wondering if they disabled plugin submission for non-mods due to spam, since it’s not filtered by akismet and there have been a ton of bot registrations here lately. Hoping that is just the case and not that they are discouraging submissions.

    The problem is I do not even know who is in control anymore, not sure it’s JJJ who did that.

    Hopefully admin will notice this topic sooner or later and fix it.

    I will be happy to host your plugin for download on bbShowcase.org in the meanwhile though, just zip it up and send it to the email on my donate page. Then you can make an announcement here in the “plugins” sub-forum and link to the download.

    In reply to: bbPress 1.0.3 released

    @_ck_

    Participant

    @ricardouk you should also not delete bb-config.php – there is no need to use a new copy of it, especially between minor version updates

    @pbul2004 to avoid lots of spam you need a registration captcha plugin or “Human Test” and optionally askismet

    Unfortunately there is no documentation on what the improvements between 1.0.2 and 1.0.3 were, there still isn’t even an official release announcement which is why I made one.

    You’d have to read the notes from TRAC which unfortunately have been made a mess by changing all the file mime property types, even on unchanged files.

    In reply to: bbPress 1.0.3 released

    @_ck_

    Participant

    @ricardouk you should also not delete bb-config.php – there is no need to use a new copy of it, especially between minor version updates

    @pbul2004 to avoid lots of spam you need a registration captcha plugin or “Human Test” and optionally askismet

    Unfortunately there is no documentation on what the improvements between 1.0.2 and 1.0.3 were, there still isn’t even an official release announcement which is why I made one.

    You’d have to read the notes from TRAC which unfortunately have been made a mess by changing all the file mime property types, even on unchanged files.

    In reply to: bbPress 1.0.3 released

    @_ck_

    Participant

    Upgrade the same way you upgrade wordpress.

    You can install the new version over the old copy, just don’t delete anything.

    Just make sure your template directory is not the same as bbpress default (kakumei) which you seem to be using “mytheme” so that’s fine.

    In reply to: bbPress 1.0.3 released

    @_ck_

    Participant

    Upgrade the same way you upgrade wordpress.

    You can install the new version over the old copy, just don’t delete anything.

    Just make sure your template directory is not the same as bbpress default (kakumei) which you seem to be using “mytheme” so that’s fine.

    @_ck_

    Participant

    Hacked means they injected javascript and such that was never meant to be posted by anyone.

    Spammed is just malicious posts. If you are simply spammed, install askismet and a captcha plugin or my Human Test plugin.

    Also, if you are running bbPress 1.0.2 make sure you upgrade to 1.0.3

    @_ck_

    Participant

    Hacked means they injected javascript and such that was never meant to be posted by anyone.

    Spammed is just malicious posts. If you are simply spammed, install askismet and a captcha plugin or my Human Test plugin.

    Also, if you are running bbPress 1.0.2 make sure you upgrade to 1.0.3

    @_ck_

    Participant

    Hi Mike, you are welcome to submit your plugin.

    There may just be a css problem with the form in your browser?

    I see the form just fine and it “works for me” ?

    https://bbpress.org/plugins/forum/requests

    @_ck_

    Participant

    Hi Mike, you are welcome to submit your plugin.

    There may just be a css problem with the form in your browser?

    I see the form just fine and it “works for me” ?

    https://bbpress.org/plugins/forum/requests

Viewing 25 replies - 1 through 25 (of 2,186 total)